Authentication Security Module

Version 9.1 by Simon Urli on 2019/11/18 12:04

A set of APIs to provide additional security checks during authentication

Type: JAR
Category:
Developed by: XWiki Development Team

License: GNU General Public License 1
Bundled With: XWiki Standard
Compatibility: Since 11.6RC1

Description

This module provides an API to enable new checks during authentication.
The default implementation of the module can trigger security checks when a user fails to authenticate multiple times within a given time window.

Configuration


The configuration of the module allows setting up three pieces of information:

  • the authentication failure strategies (default is CAPTCHA)
  • the maximum number of failed login attempts allowed before a strategy is activated (default is 3)
  • the time window during which those attempts must occur (default is 5 minutes)

Setting no strategy, or setting either the maximum number of attempts or the time window to 0, disables the feature.
By default this configuration is available in the Administration > Authentication page.

Authentication Failure Manager

This component is responsible for recording the authentication failures and for triggering the strategies based on the given configuration.

Authentication Failure Strategies

Two strategies are currently implemented and available.

CAPTCHA


This is the default strategy. When a user reaches the limit on authentication attempts, a CAPTCHA is displayed on the login page, and the user has to solve it in order to log in.

Disable Account


This strategy automatically disables the user account in case of repeated authentication failures. The user then needs to contact an administrator of the wiki to enable it again.

Events

Two new events are provided:

  • AuthenticationFailureEvent, which is triggered whenever a user fails to authenticate
  • AuthenticationFailureLimitReachedEvent, which is triggered when the authentication failure manager detects that a user has reached the limit of authentication failures
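The following is an added example that models the behaviour described in the Configuration, Authentication Failure Manager and Events sections above; it is not XWiki's own code. It assumes a sliding time window over per-user failure timestamps, two strategy names ("CAPTCHA" and "DISABLE_ACCOUNT") and a reset on successful login, all of which are assumptions of this model.

```python
from collections import defaultdict, deque

# Constructed model of the module's behaviour; defaults taken from the page.
DEFAULT_MAX_ATTEMPTS = 3
DEFAULT_WINDOW_SECONDS = 5 * 60


class AuthenticationFailureManager:
    """Records authentication failures per user and applies the configured
    strategies once the failure limit is reached inside the time window."""

    def __init__(self, strategies=("CAPTCHA",), max_attempts=DEFAULT_MAX_ATTEMPTS,
                 window_seconds=DEFAULT_WINDOW_SECONDS):
        self.strategies = tuple(strategies)
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds
        self._failures = defaultdict(deque)  # username -> failure timestamps
        self.events = []                     # emitted (event name, username)
        self.captcha_required = set()        # users who must solve a CAPTCHA
        self.disabled_accounts = set()       # users disabled by the strategy

    def enabled(self):
        # No strategy, 0 attempts or a 0 time window disables the feature.
        return bool(self.strategies) and self.max_attempts > 0 and self.window_seconds > 0

    def record_failure(self, username, now):
        """Register one failed login at time `now` (seconds).
        Returns True when the user has just reached the failure limit."""
        self.events.append(("AuthenticationFailureEvent", username))
        if not self.enabled():
            return False
        window = self._failures[username]
        window.append(now)
        # Sliding window: forget failures older than window_seconds.
        while window and now - window[0] >= self.window_seconds:
            window.popleft()
        if len(window) >= self.max_attempts:
            self.events.append(("AuthenticationFailureLimitReachedEvent", username))
            # Strategy names are an assumption of this model.
            if "CAPTCHA" in self.strategies:
                self.captcha_required.add(username)
            if "DISABLE_ACCOUNT" in self.strategies:
                self.disabled_accounts.add(username)
            return True
        return False

    def reset(self, username):
        """Assumed to run on a successful login: forget recorded failures."""
        self._failures.pop(username, None)
        self.captcha_required.discard(username)
```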